From: Petr Lautrbach <lautrbach@redhat.com>
To: Paul Moore <paul@paul-moore.com>
Cc: selinux@vger.kernel.org
Subject: Re: [PATCH] SECURITY.md: add lautrbach@redhat.com gpg fingerprint
Date: Wed, 14 Jan 2026 19:28:50 +0100
Message-ID: <873448ujz1.fsf@redhat.com>
In-Reply-To: <CAHC9VhTcEFHNJcTSbvWFU4gKpAUBg-8cLAfushX8CrhnT41SbQ@mail.gmail.com>

Paul Moore <paul@paul-moore.com> writes:

> On Thu, Jan 8, 2026 at 3:57 AM Petr Lautrbach <lautrbach@redhat.com> wrote:
>> Paul Moore <paul@paul-moore.com> writes:
>> > On Wed, Jan 7, 2026 at 7:08 AM Petr Lautrbach <lautrbach@redhat.com> wrote:
>> >> Paul Moore <paul@paul-moore.com> writes:
>> >> > On Mon, Jan 5, 2026 at 12:46 PM Petr Lautrbach <lautrbach@redhat.com> wrote:
>
> ...
>
>> >> >> diff --git a/SECURITY.md b/SECURITY.md
>> >> >> index 2a7ce5b317a7..faa060ccff03 100644
>> >> >> --- a/SECURITY.md
>> >> >> +++ b/SECURITY.md
>> >> >> @@ -24,7 +24,8 @@ list is below. We typically request at most a 90 day time period to address
>> >> >> the issue before it is made public, but we will make every effort to address
>> >> >> the issue as quickly as possible and shorten the disclosure window.
>> >> >>
>> >> >> -* Petr Lautrbach, plautrba@redhat.com
>> >> >> +* Petr Lautrbach, lautrbach@redhat.com
>> >> >> + * (GPG fingerprint) 68D2 1823 342A 1368 3AEB 3E4E FB4C 685B 5DC1 C13E
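Review bot: The `-`/`+` pair for Petr Lautrbach also changes the contact address from plautrba@redhat.com to lautrbach@redhat.com, which the subject ("add lautrbach@redhat.com gpg fingerprint") does not mention; state the address change in the commit message. The added "(GPG fingerprint)" line also does not say whether 68D2 1823 342A 1368 3AEB 3E4E FB4C 685B 5DC1 C13E is a primary-key or a subkey fingerprint, so a sentence in the commit message saying which it is would let readers reproduce it with gpg --fingerprint.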
>> >> >
>> >> > I think you may want to list the fingerprint of your primary key and
>> >> > not a subkey, as the primary key is what carries the signatures and
>> >> > helps verify trust.
>> >> >
>> >>
>> >> I guess I need help then:
>> >>
>> >> $ gpg --show-keys --fingerprint lautrbach@redhat.com.gpg
>> >
>> > You want to use the key fingerprint which displays when you run 'gpg
>> > --fingerprint <email>'. Assuming you have the keys for the other devs
>> > in your keyring, you'll notice that command can be used to reproduce
>> > the other fingerprints in the file.
>> >
>> > % gpg --fingerprint plautrba@redhat.com
>> > pub rsa4096 2012-04-03 [SC]
>> > E853 C184 8B01 85CF 4286 4DF3 63A8 AD4B 982C 4373
>> > uid [ full ] Petr Lautrbach <plautrba@redhat.com>
>> > sub rsa4096 2012-04-03 [E]
>> > sub rsa4096 2017-12-05 [S]
>> > sub rsa4096 2017-12-05 [A]
>>
>> I've also changed my email contact address to lautrbach@redhat.com, which I
>> have used for some time already:
>>
>> > From: Petr Lautrbach <lautrbach@redhat.com>
>>
>> > -* Petr Lautrbach, plautrba@redhat.com
>> > +* Petr Lautrbach, lautrbach@redhat.com
>
> There are mechanisms to add a new identity to an existing GPG key:
>
> https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key
>
I could add plautrba@redhat.com to lautrbach@redhat.com (68D2 1823 342A
1368 3AEB 3E4E FB4C 685B 5DC1 C13E) but it would not make any
difference for this purpose.

I use the lautrbach@redhat.com email and I expect people to send me encrypted
emails using the 68D2 1823 342A 1368 3AEB 3E4E FB4C 685B 5DC1 C13E key there.

I have used the lautrbach@redhat.com identity for signing since SELinux userspace
release 3.6 in December 2023.

$ gpg --verify checkpolicy-3.6.tar.gz.asc
gpg: assuming signed data in 'checkpolicy-3.6.tar.gz'
gpg: Signature made Wed 13 Dec 2023 03:47:30 PM CET
gpg:                using RSA key 1BE2C0FF08949623102FD2564695881C254508D1
gpg: Good signature from "Petr Lautrbach <lautrbach@redhat.com>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: B868 2847 764D F60D F52D 992C BC39 05F2 3517 9CF1
     Subkey fingerprint: 1BE2 C0FF 0894 9623 102F D256 4695 881C 2545 08D1

$ gpg --verify checkpolicy-3.9.tar.gz.asc
gpg: assuming signed data in 'checkpolicy-3.9.tar.gz'
gpg: Signature made Wed 16 Jul 2025 12:55:48 PM CEST
gpg:                using RSA key 7200EB2C3F5E488463C0CE9ECDCAE8C927C6BE31
gpg: Good signature from "Petr Lautrbach <plautrba@redhat.com>" [ultimate]
gpg:                 aka "Petr Lautrbach <lautrbach@redhat.com>" [ultimate]
Primary key fingerprint: 68D2 1823 342A 1368 3AEB 3E4E FB4C 685B 5DC1 C13E
     Subkey fingerprint: 7200 EB2C 3F5E 4884 63C0 CE9E CDCA E8C9 27C6 BE31

The only copy of the private key of E853 C184 8B01 85CF 4286 4DF3 63A8 AD4B 982C 4373
was on my yubikey, which I destroyed a few years ago when I forgot the PIN.

Petr
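
Added example, not part of the original message or of the SELinux project: the primary-versus-subkey question raised in this thread can be settled mechanically from gpg's machine-readable listing, where every `fpr` record belongs to the `pub` or `sub` record before it. The function names `classify_fpr` and `sample_listing` and the trimmed listing are constructed for illustration; the two fingerprints in it are the pair shown in the checkpolicy-3.9 verification output above.

```shell
#!/bin/sh
# Constructed, trimmed sample of `gpg --with-colons --fingerprint` output.
# Only the record type (field 1) and field 10 are filled in; the two
# fingerprints are the primary/subkey pair quoted in the message above.
sample_listing() {
    cat <<'EOF'
pub:
fpr:::::::::68D21823342A13683AEB3E4EFB4C685B5DC1C13E:
uid:::::::::Petr Lautrbach <lautrbach@redhat.com>:
sub:
fpr:::::::::7200EB2C3F5E488463C0CE9ECDCAE8C927C6BE31:
EOF
}

# classify_fpr FINGERPRINT
# Reads a colon-format key listing on stdin and prints one of:
#   primary <FPR>
#   subkey <FPR> of <PRIMARY FPR>
#   unknown <FPR>
# Spaces and lower-case hex in FINGERPRINT are accepted.
classify_fpr() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        # Remember which kind of key the next fpr record describes.
        $1 == "pub" || $1 == "sec" { kind = "primary"; next }
        $1 == "sub" || $1 == "ssb" { kind = "subkey";  next }
        $1 == "fpr" {
            if (kind == "primary") primary = $10
            if ($10 == want) {
                if (kind == "primary") print "primary " $10
                else print "subkey " $10 " of " primary
                found = 1
                exit
            }
        }
        END { if (!found) print "unknown " want }
    '
}

# Real use: gpg --with-colons --fingerprint <email> | classify_fpr "<fingerprint>"
sample_listing | classify_fpr '7200 EB2C 3F5E 4884 63C0 CE9E CDCA E8C9 27C6 BE31'
```

A fingerprint reported as `subkey` should not be the one published as a contact key; the primary fingerprint printed after `of` is the one to list.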